View Full Version : Revirgin 1.2 beta just released


tsehp
09-14-2001, 07:58 PM
1.2 beta
The tracer is entirely redesigned, and a device driver has been added to support win2k + future xp.
A function ‘api emulator’ is added, it resolves asprotect’s small api emulation, like getcommandlineA or getProcessId for example, use them after a resolve again or unsuccessful tracing.

A tracer is added, it’s provided to help you find the target’s oep and dump the app (using procdump actually)

see the readme.doc for details

The install is now on a msi, done on a cracked wise installer but incomplete, so you'll have to bear the evaluation messages when you install it for a little time.

beta available at tsehp.cjb.net

regards,

tsehp

Js
09-15-2001, 05:55 AM
Hiya tsehp,
Sounds good. Do I need a tracer to find where to get it from?
regards

tsehp
09-15-2001, 07:21 AM
Quote:
Originally posted by Js
Hiya tsehp,
Sounds good. Do I need a tracer to find where to get it from?
regards


he he ! at usual place : tsehp.cjb.net on the main page !

SpeKKeL
09-16-2001, 03:18 PM
Don't know if I'm the only one but
using the api/emulator revirgin crashes..
Tried several times on aiswpp.exe as you explained
but it keeps going wrong when i use this option.
Have reinstalled and threw away earlier versions of
thread and tracer.dll.
Using w98 (first ed.) With or without icedump running.
I didn't get any error messages, revirgin freezes......brrrr.

Just to inform you and to get some response from other
users...

Spekkel



tsehp
09-16-2001, 06:42 PM
Quote:
Originally posted by SpeKKeL
Don't know if I'm the only one but
using the api/emulator revirgin crashes..
Tried several times on aiswpp.exe as you explained
but it keeps going wrong when i use this option.
Have reinstalled and threw away earlier versions of
thread and tracer.dll.
Using w98 (first ed.) With or without icedump running.
I didn't get any error messages, revirgin freezes......brrrr.

Just to inform you and to get some response from other
users...

Spekkel




ok, give me more details :
aiswpp : what iat did you try with the api emulator

w98 : don't have it but only win_me, it freezes when ? when loading when resolving ?

SpeKKeL
09-17-2001, 03:04 AM
Ok,

tried with : oep 51a59c
start 124190
length 7b8

After iat-resolver and resolve again there are 7 entries open:

170c548 red/emul.
170c90c red/emul.
170c960 (no comment)
170c968 (no comment)
170c928 (no comment)
170c958 (no comment)
170c974 (no comment)

Now when i choose one of them (doesn't matter which one)
right-click and try api-emul revirgin freezes..

Spekkel

SpeKKeL
09-17-2001, 03:22 AM
BTW when i use the option trace, only the redirected (get command linea, getcurrentprocessid, etc) 5 entries are still left.

Spek

tsehp
09-17-2001, 03:17 PM
thanks spekkel,

download the new msi now, it's fixed. It was only a problem when the tracer was unloading itself from main target.

The 5 entries left are emulated api's.

try them, you can select them all and do them at once.

regards

SpeKKeL
09-18-2001, 10:00 AM
Okeeee

All goes well, no more freezing allllll resolved !

Thanks ....Spekkel

tsehp
09-18-2001, 04:49 PM
keep looking for the build versions now...

the goal is to add now some dumping features on the tracer, and also to prevent some alexey tricks, I'll give more details if you email me

actually no known targets resisted this new beta, the goal is to find one... (what a self sufficient lamer I am... )